ebb3a9f2b4
- https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445
From c28482b2d23865e3d068e4b9fb39c363c0d18b19 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 7 Nov 2014 13:58:17 +0100
Subject: [PATCH 14/26] LDAP: Disable token groups by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We tried to speed up processing of initgroup lookups with tokenGroups even for
the LDAP provider (if remote server is Active Directory), but it turns out that
there are too many corner cases that we didn't catch during development that
break. For instance, groups from other trusted domains might appear in TG and
the LDAP provider isn't equipped to handle them.

Overall, users who wish to use the added speed benefits of tokenGroups are
advised to use the AD provider.

Resolves:
https://fedorahosted.org/sssd/ticket/2483

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
src/man/sssd-ldap.5.xml | 2 +-
src/providers/ldap/ldap_opts.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 815b06250e826a36ef023e8a43a8925df89d2bbf..47d05a736403859325e61a9ebebe78df0601917a 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1022,7 +1022,7 @@
Active Directory Server 2008 and later.
</para>
<para>
- Default: True
+ Default: True for AD and IPA otherwise False.
</para>
</listitem>
</varlistentry>
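Review bot: The new default text in this man page hunk, "Default: True for AD and IPA otherwise False.", is ambiguous for a reader of sssd-ldap(5) because it never names the case this page is about. Suggest stating the plain LDAP provider first, for example that the default is False for the LDAP provider and True for the AD and IPA providers, and adding the missing comma or splitting the sentence. The reason given in the commit message (groups from other trusted domains can appear in tokenGroups and the LDAP provider is not equipped to handle them) and its advice to use the AD provider would also be worth a sentence here, since an administrator who re-enables the option needs to know that limitation.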
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index dedbdac0bcf647337d4c00b1fbb82d6b46be5b54..f46381e9fac7b93730ce0767154989f2e3b7ebbf 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -116,7 +116,7 @@ struct dp_option default_basic_opts[] = {
{ "ldap_idmap_default_domain_sid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_groups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_initgroups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_use_tokengroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE},
+ { "ldap_use_tokengroups", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE},
{ "ldap_rfc2307_fallback_to_local_users", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
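Review bot: Flipping both values on the "ldap_use_tokengroups" line of default_basic_opts[] to BOOL_FALSE only matches the documented "True for AD and IPA" if those providers take their default from a table other than this one. Neither of those tables is touched or shown in this patch, so please confirm they still carry BOOL_TRUE for this option. This is also a silent behaviour change on upgrade for configurations that use the LDAP provider against Active Directory and relied on the old default, so the release notes should say that ldap_use_tokengroups now has to be set explicitly to keep the previous behaviour.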
--
2.1.0